Course Summary

This Microsoft Cybersecurity Architect (SC-100) CertPREP course prepares you for the Microsoft Exam SC-100 which includes designing a Zero Trust strategy and architecture; evaluating Governance Risk Compliance (GR) technical strategies and security operations strategies; designing security for infrastructure; and designing a strategy for data and applications.

The goal of this course is to provide you with all the tools you need to prepare for the SC-100 Microsoft Cybersecurity Architect exam — including text explanations, video demos, lab activities, self-assessment questions, and a practice exam— to increase your chances of passing the exam on your first try.

Methodology:

180-day access to:

  • Lessons
  • Video learning
  • MeasureUp Practice Test for Microsoft SC-100. Practice Mode with remediation and Certification mode to simulate the test day experience.
Duration: 

18 hours of primary content. Each learner will learn at their own pace.

Audience

Students with advanced experience and knowledge in a wide range of security engineering areas, including identity and access, platform protection security operations, securing data, and securing applications.

Prerequisites: 
  • 3-5 years of experience in a wide range or security engineering areas
  • Experience with hybrid and cloud implementations
Course Outline:

Upon successful completion of this course, students should be able to:  

  • Build an overall security strategy an architecture.
  • Design a security operations strategy.
  • Design an identity security strategy.
  • Design a regulatory compliance strategy.
  • Evaluate security posture and recommend technical strategies to manage risk.
  • Design a strategy for securing server and client endpoints.
  • Design a strategy for securing SaaS, PaaS, and IaaS services.
  • Specify security requirements for applications.
  • Design a strategy for securing data.
  • Microsoft Cybersecurity Reference Architectures and Microsoft cloud security benchmark best practices.
  • Recommend a secure methodology by using the Cloud Adoption Framework (CAF).
  • Recommend a ransomware strategy by using Microsoft Security Best Practices.

Lesson 1: Build an overall security strategy and architecture (2 hours and 48 minutes).

  • Skill 1.1: Identify the integration points in an architecture by using Microsoft Cybersecurity Reference Architectures (MCRA) (36 minutes).
    • MCRA and Cloud Adoption Framework Secure Methodology.
    • How to use the MCRA to identify integration points.
  • Skill 1.2: Translate business goals into security requirements (24 minutes)
    • Translation process.
  • Skill 1.3: Translate security requirements into technical capabilities, including security services, security products and security processes (1 hour).
    • Requirement: Mitigate compromise of accounts using password spray and other credential compromise.
    • Requirement: Shorten response times to attacks across resources in the environment.
    • Requirement: Integrate network security into Infrastructure as a Code (IaC) automation.
    • Requirement: Enable eDiscovery processes for Office 365 data.
  • Skill 1.4: Design security for a resiliency strategy (24 minutes).
    • Reducing risk by reducing critical security events.
    • Resilience requires shifting from a network-centric to an asset- and data-centric mindset.
  • Skill 1.5: Integrate a hybrid or multi-tenant environment into a security strategy (12 minutes).
  • Skill 1.6: Develop a technical governance strategy for security (12 minutes).
  • Summary
  • Case Study
  • Quiz

Lesson 2: Design a security operations strategy (5 hours and 24 minutes)

  • Skill 2.1: Design a logging and auditing strategy to support security operations (1 hour).
    • Centralizing log collection.
    • Deciding which logs have security value.
    • Designing security operations use cases.
    • Determining log retention periods.
  • Skill 2.2: Develop security operations to support a hybrid or multi-cloud environment (1 hour).
    • Cross-platform log collection.
    • Cloud security posture management (CSPM).
    • Focus on identity.
    • Internet of Things (IoT)/Operational Technology (OT) coverage.
  • Skill 2.3: Design a strategy for SIEM and SOAR (48 minutes).
    • Microsoft Security Operations Reference Architecture.
    • Ingest logs into your SIEM.
    • Automate, automate, automate.
  • Skill 2.4: Evaluate security workflows (36 minutes).
    • General incident response workflow.
    • Automation, automation, automation (again).
  • Skill 2.5: Evaluate a security operations strategy for the incident management lifecycle (1 hour and 24 minutes).
    • Microsoft’s approach to security incident management.
    • Detection and analysis.
    • Post-incident activity.
  • Skill 2.6: Evaluate a security operations strategy for sharing technical threat intelligence (36 minutes).
    • Microsoft’s threat intelligence strategy.
    • Sharing technical threat intelligence in your organization.
  • Summary
  • Case Study
  • Quiz

Lesson 3: Design an identity security strategy (6 hours and 36 minutes).

  • Skill 3.1: Design a strategy for access to cloud resources (1 hour and 24 minutes).
    • Identity-related access controls.
    • Network-related access controls.
    • Coordinated identity and network access.
    • Interconnection and cross-service collaboration.
    • Assume-breach and explicitly verify.
    • People, process, and technology approach.
  • Skill 3.2: Recommend an identity store (tenants, B2B, B2C, and hybrid) (36 minutes).
    • Foundational implementations.
    • External collaboration.
  • Skill 3.3: Recommend an authentication strategy (1 hour).
    • Enterprise accounts.
    • Specialized accounts.
    • Controlling authentication sessions.
    • Key recommendations.
  • Skill 3.4: Recommend an authorization strategy (48 minutes).
    • Configuring access to support authorization.
    • Decentralized identities.
    • Key recommendations.
  • Skill 3.5: Design a strategy for conditional access (24 minutes).
    • Key recommendations.
  • Skill 3.6: Design a strategy for role assignment and delegation (36 minutes).
    • Delegating to non-administrators.
    • Delegating access to service providers.
  • Skill 3.7: Design security strategy for privileged-role access to infrastructure, including identity-based firewall rules and Azure PIM (1 hour).
    • Privileged Access Workstation (PAW).
    • Privileged Identity Management (PIM).
    • Microsoft Entra Permissions Management.
    • Key recommendations.
  • Skill 3.8: Design security strategy for privileged activities, including PAM, entitlement management, and cloud tenant administration (48 minutes).
    • Privileged Access Workstation (PAM).
    • Privileged Identity Management (PIM).
    • Microsoft Entra Permission Management.
  • Summary
  • Case Study
  • Quiz

Lesson 4: Design a regulatory compliance strategy (1 hour and 48 minutes).

  • Skill 4.1: Interpret compliance requirements and translate specific technical capabilities (new or existing) (36 minutes).
    • Security compliance translation process.
    • Resolving conflicts between compliance and security.
  • Skill 4.2: Evaluate infrastructure compliance by using Microsoft Defender for Cloud (12 minutes).
  • Skill 4.3: Interpret compliance scores and recommend actions to resolve issues or improve security (12 minutes).
  • Skill 4.4: Design implementation of Azure Policy (12 minutes).
  • Skill 4.5: Design for data residency requirements (12 minutes).
  • Skill 4.6: Translate privacy requirements into requirements for security solutions (24 minutes).
    • Security and privacy.
  • Summary
  • Case Study
  • Quiz

Lesson 5: Evaluate security posture and recommend technical strategies to manage risk (4 hours and 48 minutes).

  • Skill 5.1: Evaluate security posture by using benchmarks (including Azure Security benchmarks for Microsoft Cloud security benchmark, ISO 27001, etc.) (48 minutes).
    • Microsoft Cloud security benchmark.
    • Monitoring your MCSB compliance.
    • Industry standards.
  • Skill 5.2: Evaluate security posture by using Microsoft Defender for Cloud (1 hour).
    • Defender for Cloud.
    • Security posture management.
    • Considerations for multi-cloud.
    • Considerations for vulnerability assessment.
  • Skill 5.3: Evaluate security posture by using Secure Scores (24 minutes).
  • Secure Score in Defender for Cloud.
  • Skill 5.4: Evaluate security posture of cloud workloads (24 minutes).
  • Workload security.
  • Skill 5.5: Design security for an Azure Landing Zone (1 hour and 12 minutes).
    • Design principles.
    • Enforcing guardrails.
    • Single management plane.
    • Application–centric.
    • Security considerations.
  • Skill 5.6: Interpret technical threat intelligence and recommend risk mitigations (36 minutes).
    • Threat intelligence in Defender for Cloud.
    • Threat intelligence in Microsoft Sentinel.
  • Skill 5.7: Recommend security capabilities or controls to mitigate identified risks (24 minutes).
    • Identifying and mitigating risks.
  • Summary
  • Case Study
  • Quiz

Lesson 6: Design a strategy for securing server and client endpoints (9 hours and 36 minutes).

  • Skill 6.1: Specify security baselines for server and client endpoints (2 hours and 48 minutes).
    • Group Policy Objects (GPO).
    • Security Compliance Toolkit (SCT).
    • Azure Security Benchmark (ASB).
    • Microsoft Endpoint Manager (MEM).
    • PowerShell DSC.
    • Azure Automation.
    • Azure Policy.
    • Azure Resource Manager (ARM) templates.
    • Microsoft Defender for Cloud (MDC).
    • Microsoft Defender for IoT (MDIoT).
    • Baseline configuration.
    • Key Recommendations.
  • Skill 6.2: Specify security requirements for servers, including multiple platforms and operating systems (1 hour and 36 minutes).
    • Shared responsibility in the cloud.
    • Legacy insecure protocols.
    • Threat protection.
    • Local Administrator Password Management (LAPS).
    • User rights assignments.
    • Network-based controls.
  • Skill 6.3: Specify security requirements for mobile devices and clients, including endpoint protection, hardening, and configurations (1 hour and 48 minutes).
    • Local Administrator Password Management.
    • Basic Mobility and Security.
    • Threat protection.
    • Conditional access.
    • Microsoft Intune.
    • User rights assignments.
    • Micro-segmentation.
    • Other security controls.
  • Skill 6.4: Specify requirements to secure Active Directory Domain Services (1hour and 12 minutes).
    • Secure the control plane.
    • Privileged Access Management.
    • Key recommendations.
    • Microsoft Defender for Identity.
    • Active Directory Federation Services (AD FS).
  • Skill 6.5: Design a strategy to manage secrets, keys, and certificates (1 hour).
    • Access control.
    • Configuration control.
    • Key management.
    • Key recommendations.
  • Skill 6.6: Design a strategy for secure remote access (1hour and 36 minutes).
    • Key configurations to enable secure remote access.
    • Remote access to desktop, applications, and data.
    • Remote access to on-premises web applications.
    • RDP/SSH connectivity.
    • Remotely provisioning new devices.
    • B2B collaboration.
    • Key recommendations.
  • Summary
  • Case Study
  • Quiz

Lesson 7: Design a strategy for securing SaaS, PaaS, and IaaS services (4 hours).

  • Skill 7.1: Specify security baselines for SaaS, PaaS, and IaaS services (24 minutes).
    • Specify security baselines for SaaS services.
  • Skill 7.2: Specify security requirements for IoT workloads (36 minutes).
    • Security requirements.
    • Security posture and threat detection.
  • Skill 7.3: Specify security requirements for data workloads, including SQL, Azure SQL Database, Azure Synapse, and Azure Cosmos DB (24 minutes).
    • Security considerations for Azure Cosmos DB.
  • Skill 7.4: Specify security requirements for web workloads, including Azure App Service (48 minutes).
    • Network communication.
    • Authentication and authorization.
    • Security posture and threat protection.
  • Skill 7.5: Specify security requirements for storage workloads, including Azure Storage (1 hour).
    • Data protection.
    • Identity and access management.
    •  
    • Logging and monitoring.
  • Skill 7.6: Specify security requirements for containers (24 minutes).
    • Hardening access to Azure Container Registry.
  • Skill 7.7: Specify security requirements for container orchestration (24 minutes).
    • Threat detection.
  • Summary
  • Case Study
  • Quiz

Lesson 8: Specify security requirements for applications (2 hours).

  • Skill 8.1: Specify priorities for mitigating threats to applications (48 minutes).
    • Classifying applications.
    • Application threat modeling.
    • Microsoft Security Development Lifecycle (SDL).
  • Skill 8.2: Specify a security standard for onboarding a new application (36 minutes).
    • Old versus new.
    • Security standards for onboarding applications.
  • Skill 8.3: Specify a security strategy for applications and APIs (36 minutes).
    • Waterfall to Agile/DevOps.
    • Security in DevOps (DevSecOps).
  • Summary
  • Case Study
  • Quiz

Lesson 9: Design a strategy for securing data (2 hours and 12 minutes)

  • Skill 9.1: Specify priorities for mitigating threats to data (36 minutes)
    • Common threats.
    •  
  • Skill 9.2: Design a strategy to identify and protect sensitive data (1 hour)
    • Know your data.
    • Protect your data.
    • Prevent data loss.
    • Govern your data.
  • Skill 9.3: Specify an encryption standard for data at rest and in motion (36 minutes) Encrypt at rest.
    • Encryption in motion.
  • Summary
  • Case Study
  • Quiz

Lesson 10: Microsoft Cybersecurity Reference Architectures and Microsoft cloud security benchmark best practices (48 minutes).

  • Skill 10.1: Recommend best practices for cybersecurity capabilities and controls (12 minutes).
  • Skill 10.2: Recommend best practices for protecting from insider and external attacks (12 minutes).
  • Skill 10.3: Recommend best practices for Zero Trust security (12 minutes)
  • Skill 10.4: Recommend best practices for the Zero Trust Rapid Modernization Plan (12 minutes).
  • Summary
  • Case Study
  • Quiz

Lesson 11: Recommend a secure methodology by using the Cloud Adoption Framework (CAF) (2 hours and 36 minutes)

  • Skill 11.1: Recommend a DevSecOps process (1 hour and 12 minutes)
    • DevSecOps Control.
    • Plan and develop.
    • Commit the code.
    • Build and test.
    • Go to production and operate.
  • Skill 11.2: Recommend a methodology for asset protection (48 minutes)
    • Getting secure.
    • Staying secure.

Key recommendations for an asse protection program

  • Skill 11.3: Recommend strategies for managing and minimizing risk (36 minutes)
    • Measuring risk.
    • Managing security risk.
  • Summary
  • Case Study
  • Quiz

Lesson 12: Recommend a ransomware strategy by using Microsoft Security Best Practices (1 hour and 48 minutes)

  • Skill 12.1: Plan for ransomware protection and extortion-based attacks (36 minutes)
    •  
    • Security hygiene and damage control.
  • Skill 12.2: Protect assets from ransomware attacks (48 minutes)
    • Enter environment.
    • Traverse and spread.
    • Execute objective.
  • Skill 12.3: Recommend Microsoft ransomware best practices (24 minutes)
    • Best practices.
  • Summary
  • Case Study
  • Quiz

Leave Us A Message

    Please ensure all* required fields are completed, and we will get in touch with you shortly.



    The reCAPTCHA verification period has expired. Please reload the page.

    RU Academy

    Level 7, Oasis Wing, Brunfield Oasis Tower 3 No.2, Jalan PJU 1A/7A, Oasis Square, Oasis Damansara, Petaling Jaya 47301, Selangor

    Tel : + 603-7848-5937
    WhatsApp : +6018-2010943